OS = Ubuntu 18.04 in an LXD container
Samba 4.11.x and up

Is there a way to have DNS resolution on the server that can coexist with the samba ad dc internal DNS server? The way that I have it set up, whenever samba is not running, then I can't use any web resources b/c everything goes through the samba internal DNS. So I can't do system updates and upgrades unless samba is running.

I saw this discussion (https://lists.samba.org/archive/samba/2020-August/231345.html) between Louis and Rowland but didn't know if it might apply to my situation.

~# cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: false
            addresses: [192.168.0.11/16]
            gateway4: 192.168.0.200
            nameservers:
                search: [mydom.samdom.com]
                addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]

192.168.0.11 is this server
192.168.0.14 is another AD DC
192.168.0.200 is a router/gateway

Thanks,
Jonathan Kreider
On 16/09/2020 01:19, Jonathan Kreider via samba wrote:
> OS = Ubuntu 18.04 in an LXD container
> Samba 4.11.x and up
>
> Is there a way to have DNS resolution on the server that can coexist with
> the samba ad dc internal DNS server? The way that I have it set up,
> whenever samba is not running, then I can't use any web resources b/c
> everything goes through the samba internal DNS. So I can't do system
> updates and upgrades unless samba is running.
>
> I saw this discussion (
> https://lists.samba.org/archive/samba/2020-August/231345.html) between
> Louis and Rowland but didn't know if it might apply to my situation.
>
> ~# cat /etc/netplan/50-cloud-init.yaml
> # This file is generated from information provided by
> # the datasource. Changes to it will not persist across an instance.
> # To disable cloud-init's network configuration capabilities, write a file
> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
> # network: {config: disabled}
> network:
>     version: 2
>     ethernets:
>         eth0:
>             dhcp4: false
>             addresses: [192.168.0.11/16]
>             gateway4: 192.168.0.200
>             nameservers:
>                 search: [mydom.samdom.com]
>                 addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
>
> 192.168.0.11 is this server
> 192.168.0.14 is another AD DC
> 192.168.0.200 is a router/gateway
>
> Thanks,
> Jonathan Kreider

You can run as many DNS servers as you like on a DC, they just cannot run on the same IP address and port. For example, if the DC's IP address is 192.168.1.2, the DC's internal DNS server would be running on 192.168.1.2:53, so you couldn't run another DNS server on that IP/port, but you could run one on 192.168.1.3:53, and this would require another network device, real or virtual.

Of course, if you add another DC at any point, it all becomes moot; you would not be able to turn your DCs off as you would break replication.

Rowland
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Jonathan Kreider via samba
> Sent: Wednesday 16 September 2020 2:20
> To: samba at lists.samba.org
> Subject: [Samba] AD DC DNS question
>
> OS = Ubuntu 18.04 in an LXD container
> Samba 4.11.x and up
>
> Is there a way to have DNS resolution on the server that can
> coexist with the samba ad dc internal DNS server?

Yes

> The way that I have it set up,
> whenever samba is not running, then I can't use any web resources b/c
> everything goes through the samba internal DNS. So I can't do system
> updates and upgrades unless samba is running.

Ah, a resolver design flaw ;-) a small one, and a common one.

My solution would be really simple, I keep samba running.. :-/

Lots of options here.
Or just add 1 internet DNS server in resolv.conf.
Or in your router as IP/DNS forwarder if possible.
If you can add a forward zone in your router, for example
internal.domain.tld, forward that to your samba-ad-dc.

> I saw this discussion (
> https://lists.samba.org/archive/samba/2020-August/231345.html) between
> Louis and Rowland but didn't know if it might apply to my situation.

Ah, that's not a discussion, it's just me telling you that you can chain-link as many DNS servers as you want.
But wise, no, of course not.

> ~# cat /etc/netplan/50-cloud-init.yaml
> # This file is generated from information provided by
> # the datasource. Changes to it will not persist across an instance.
> # To disable cloud-init's network configuration capabilities,
> write a file
> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with
> the following:
> # network: {config: disabled}
> network:
>     version: 2
>     ethernets:
>         eth0:
>             dhcp4: false
>             addresses: [192.168.0.11/16]
>             gateway4: 192.168.0.200
>             nameservers:
>                 search: [mydom.samdom.com]
>                 addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
>
> 192.168.0.11 is this server
> 192.168.0.14 is another AD DC
> 192.168.0.200 is a router/gateway

Nothing wrong with this.

What I did for my home network:

1 samba ad-dc + dns
1 router + dns forwarders

I added the samba primary DNS domain to the resolver settings in the router.
So internal.domain.tld > ip_samba_dns
(if your router is capable)

PC is set to: dns1 samba, dns2 router.
Samba turned off, fine, dns2 forwards to the internet.
Samba up again, fine, dns1 forwards to the internet.

Good luck,

Greetz,

Louis
On 16/09/2020 08:57, L.P.H. van Belle via samba wrote:
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Jonathan Kreider via samba
>> Sent: Wednesday 16 September 2020 2:20
>> To: samba at lists.samba.org
>> Subject: [Samba] AD DC DNS question
>>
>> OS = Ubuntu 18.04 in an LXD container
>> Samba 4.11.x and up
>>
>> Is there a way to have DNS resolution on the server that can
>> coexist with the samba ad dc internal DNS server?
> Yes
>
>> The way that I have it set up,
>> whenever samba is not running, then I can't use any web resources b/c
>> everything goes through the samba internal DNS. So I can't do system
>> updates and upgrades unless samba is running.
> Ah, a resolver design flaw ;-) a small one, and a common one.
>
> My solution would be really simple, I keep samba running.. :-/
>
> Lots of options here.
> Or just add 1 internet DNS server in resolv.conf.

Doesn't that only work if strict DNS resolution order is observed? Otherwise, if the internet DNS responds first, it takes precedence over the DC response. My DNS service resolves any subdomain not known back to my WAN IP. If your internal domain is a subdomain of your external domain (as the best practice is) then this could be a problem.

> Or in your router as IP/DNS forwarder if possible.
> If you can add a forward zone in your router, for example
> internal.domain.tld, forward that to your samba-ad-dc.

I suggested that a week or two back with dnsmasq, with dnsmasq being the primary resolver but forwarding anything with internal.domain.tld to the DC, but Rowland didn't like it. It also risks a DNS loop if the DC then uses the router as its upstream resolver, if you try to resolve somedevice.internal.domain.tld which does not exist in the DC.

>> I saw this discussion (
>> https://lists.samba.org/archive/samba/2020-August/231345.html) between
>> Louis and Rowland but didn't know if it might apply to my situation.
>
> Ah, that's not a discussion, it's just me telling you that you can chain-link as many DNS servers as you want.
> But wise, no, of course not.
>
>> ~# cat /etc/netplan/50-cloud-init.yaml
>> # This file is generated from information provided by
>> # the datasource. Changes to it will not persist across an instance.
>> # To disable cloud-init's network configuration capabilities,
>> write a file
>> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with
>> the following:
>> # network: {config: disabled}
>> network:
>>     version: 2
>>     ethernets:
>>         eth0:
>>             dhcp4: false
>>             addresses: [192.168.0.11/16]
>>             gateway4: 192.168.0.200
>>             nameservers:
>>                 search: [mydom.samdom.com]
>>                 addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
>>
>> 192.168.0.11 is this server
>> 192.168.0.14 is another AD DC
>> 192.168.0.200 is a router/gateway
>
> Nothing wrong with this.
>
> What I did for my home network:
>
> 1 samba ad-dc + dns
> 1 router + dns forwarders
>
> I added the samba primary DNS domain to the resolver settings in the router.
> So internal.domain.tld > ip_samba_dns
> (if your router is capable)
>
> PC is set to: dns1 samba, dns2 router.
> Samba turned off, fine, dns2 forwards to the internet.
> Samba up again, fine, dns1 forwards to the internet.
>
> Good luck,
>
> Greetz,
>
> Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Nick
> Howitt via samba
> Sent: Wednesday 16 September 2020 10:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] AD DC DNS question
>
> On 16/09/2020 08:57, L.P.H. van Belle via samba wrote:
> >
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Jonathan Kreider via samba
> >> Sent: Wednesday 16 September 2020 2:20
> >> To: samba at lists.samba.org
> >> Subject: [Samba] AD DC DNS question
> >>
> >> OS = Ubuntu 18.04 in an LXD container
> >> Samba 4.11.x and up
> >>
> >> Is there a way to have DNS resolution on the server that can
> >> coexist with the samba ad dc internal DNS server?
> > Yes
> >
> >> The way that I have it set up,
> >> whenever samba is not running, then I can't use any web resources b/c
> >> everything goes through the samba internal DNS. So I can't do system
> >> updates and upgrades unless samba is running.
> > Ah, a resolver design flaw ;-) a small one, and a common one.
> >
> > My solution would be really simple, I keep samba running.. :-/
> >
> > Lots of options here.
> > Or just add 1 internet DNS server in resolv.conf.
>
> Doesn't that only work if strict DNS resolution order is observed?

No, I lowered the timeout to 1-3 seconds in resolv.conf and,
to keep some servers always running and have internet-resolvable domain names (! not internal),
I added the third nameserver to resolv.conf.
If 1 and 2 are down, 3 is used.
Yes, but I can add the needed domain, like internal.domain.tld, in my router and point that to the samba ad-dc.

> Otherwise, if the internet DNS responds first, it takes
> precedence over the DC response. My DNS service resolves any subdomain not
> known back to my WAN IP. If your internal domain is a subdomain of your external
> domain (as the best practice is) then this could be a problem.

Yes, it can, but it totally depends on how you use it and how you set it up.
Also, the office DNS setup is different than the one I use at home.

For example, in the office it looks like this.
Caching and forwarding DNS server on my proxy server.
The samba primary and reverse zones are forwarded in the proxy to the samba-ad-dc DNS.
The external office domain is forwarded to the internet DNS server.
And ON the servers, not connected to WAN, all point to
Sambadns1
Sambadns2
Internetdns

> > Or in your router as IP/DNS forwarder if possible.
> > If you can add a forward zone in your router, for example
> > internal.domain.tld, forward that to your samba-ad-dc.
>
> I suggested that a week or two back with dnsmasq, with dnsmasq
> being the primary resolver but forwarding anything with
> internal.domain.tld to the DC, but Rowland didn't like it.
> It also risks a DNS loop if the DC then uses the router as
> its upstream resolver, if you try to resolve
> somedevice.internal.domain.tld which does not exist in the DC.

Yes, Rowland might not like it, but it does work.
And no, in dnsmasq you should set it up to forward internal.domain.tld + reverse to the samba ad-dc.
Only I don't know dnsmasq that well, I only use Bind9.

I hope you can use the info.

> >> I saw this discussion (
> >> https://lists.samba.org/archive/samba/2020-August/231345.html) between
> >> Louis and Rowland but didn't know if it might apply to my situation.
> >
> > Ah, that's not a discussion, it's just me telling you that you can
> > chain-link as many DNS servers as you want.
> > But wise, no, of course not.
> >
> >> ~# cat /etc/netplan/50-cloud-init.yaml
> >> # This file is generated from information provided by
> >> # the datasource. Changes to it will not persist across an instance.
> >> # To disable cloud-init's network configuration capabilities,
> >> write a file
> >> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with
> >> the following:
> >> # network: {config: disabled}
> >> network:
> >>     version: 2
> >>     ethernets:
> >>         eth0:
> >>             dhcp4: false
> >>             addresses: [192.168.0.11/16]
> >>             gateway4: 192.168.0.200
> >>             nameservers:
> >>                 search: [mydom.samdom.com]
> >>                 addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
> >>
> >> 192.168.0.11 is this server
> >> 192.168.0.14 is another AD DC
> >> 192.168.0.200 is a router/gateway
> >
> > Nothing wrong with this.
> >
> > What I did for my home network:
> >
> > 1 samba ad-dc + dns
> > 1 router + dns forwarders
> >
> > I added the samba primary DNS domain to the resolver
> > settings in the router.
> > So internal.domain.tld > ip_samba_dns
> > (if your router is capable)
> >
> > PC is set to: dns1 samba, dns2 router.
> > Samba turned off, fine, dns2 forwards to the internet.
> > Samba up again, fine, dns1 forwards to the internet.
> >
> > Good luck,
> >
> > Greetz,
> >
> > Louis
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
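Added example, not code from anyone in this thread: a POSIX shell script that renders the two halves of the design Louis describes in both of his replies (DCs first and a non-AD resolver last in resolv.conf with a short timeout; a forwarder that sends the AD forward and reverse zones to the DCs and everything else upstream), written here for dnsmasq rather than Louis's Bind9, and then checks the forwarded zones against the DC's zone list to catch the loop Nick warns about. The domain and addresses are Jonathan's; the upstream resolver, the file names and the sample `samba-tool dns zonelist` output are assumptions. Two facts the script leans on: glibc tries the nameservers in listed order and only moves to the next one after `timeout` seconds times `attempts`, never on an NXDOMAIN answer, so a stopped samba costs that delay on every lookup unless the timeout is lowered; and Samba's internal DNS answers authoritatively for the zones it hosts, so a zone that the DC really hosts cannot bounce back to the forwarder, while a zone it does not host would be forwarded back if the DC's own forwarder is that resolver.

```shell
#!/bin/sh
# Added example, not code from the list thread: render and sanity-check a
# split-resolver setup for a Samba AD DC network.
#   resolv.conf  : DCs first, non-AD resolver last, short timeouts
#   dnsmasq conf : AD forward + reverse zones to the DCs, rest upstream
# Domain and addresses are the ones from the thread; UPSTREAM, the file
# names and SAMPLE_ZONELIST below are assumptions.

AD_DOMAIN="mydom.samdom.com"
DC_ADDRS="192.168.0.11 192.168.0.14"
LAN_CIDR="192.168.0.0/16"
ROUTER="192.168.0.200"
UPSTREAM="${UPSTREAM:-9.9.9.9}"      # assumed public resolver behind the router

# Constructed stand-in for `samba-tool dns zonelist` output (format assumed).
SAMPLE_ZONELIST='  pszZoneName                 : mydom.samdom.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszZoneName                 : _msdcs.mydom.samdom.com
  pszZoneName                 : 168.192.in-addr.arpa'

# in-addr.arpa zone for an octet-aligned CIDR (/8, /16, /24), so PTR lookups
# for the LAN are also sent to the DC instead of leaking upstream.
reverse_zone() {
    ip=${1%/*}; plen=${1#*/}
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    case "$plen" in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  echo "reverse_zone: unsupported prefix /$plen" >&2; return 1 ;;
    esac
}

# glibc tries nameservers in listed order and only moves on after
# timeout*attempts seconds, never on NXDOMAIN, so keep the wait short.
render_resolv_conf() {
    echo "search $AD_DOMAIN"
    for dc in $DC_ADDRS; do echo "nameserver $dc"; done
    echo "nameserver $ROUTER"
    echo "options timeout:1 attempts:1"
}

# dnsmasq on the router or a separate host: conditional forwarding of the AD
# zones to each DC, default upstream for everything else.
render_dnsmasq_conf() {
    rz=$(reverse_zone "$LAN_CIDR") || return 1
    echo "no-resolv"          # do not read this host's own resolv.conf
    echo "domain-needed"      # never send bare host names upstream
    for dc in $DC_ADDRS; do
        echo "server=/$AD_DOMAIN/$dc"
        echo "server=/$rz/$dc"
    done
    echo "server=$UPSTREAM"
}

# Loop guard: every zone dnsmasq forwards to the DC must be one the DC hosts
# (the DC answers those authoritatively). A zone it does not host would be
# forwarded back here if the DC's own forwarder is this resolver.
check_forwards() {
    conf=$1; zonelist=$2; rc=0
    for zone in $(printf '%s\n' "$conf" | sed -n 's|^server=/\([^/]*\)/.*|\1|p' | sort -u); do
        if ! printf '%s\n' "$zonelist" | grep -q "pszZoneName *: $zone\$"; then
            echo "check_forwards: $zone is forwarded to the DC but not hosted there" >&2
            rc=1
        fi
    done
    return $rc
}

if [ "${1:-}" = "render" ]; then
    echo "# --- /etc/resolv.conf (on the DC)"; render_resolv_conf
    echo "# --- /etc/dnsmasq.d/samba-ad.conf (on the forwarder)"; render_dnsmasq_conf
    check_forwards "$(render_dnsmasq_conf)" "$SAMPLE_ZONELIST" \
        && echo "# forwarded zones are all hosted on the DC"
fi
```

Run as `sh split-dns.sh render` to print both files. The `options timeout:1 attempts:1` line only takes effect when glibc reads /etc/resolv.conf directly; on Ubuntu 18.04 netplan hands the nameservers to systemd-resolved, whose stub resolv.conf points at 127.0.0.53 and applies its own per-server timeouts, so on such a host the file has to be managed outside systemd-resolved for the option to matter. The reverse zone for Jonathan's /16 is 168.192.in-addr.arpa; forwarding only the /24 would leave PTR lookups for the rest of the LAN going upstream.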